Tougher penalties, including imprisonment, are urged for misuse of personal data

Criminal sanctions, including imprisonment, should be brought in for people who misuse personal health data, the UK Nuffield Council on Bioethics has recommended in a new report.1

Arguing that greater reassurance on data security is needed to achieve the wholehearted support of the public for “big data” projects, the report says that existing legislation needs to be strengthened to make misuse a criminal offence, whether or not such misuse causes demonstrable harm to individuals. At present the Data Protection Act provides grounds for an action under civil but not criminal law.

The report says that current data projects have the potential to generate new knowledge, improve medical practice, increase service efficiency, and drive innovation. These projects include …